Recover a Subordinate CA
Hi, to cut to the point, through some unfortunate circumstances we have lost our AD integrated subordinate CA. All we currently have left is our Standalone Root CA, and a copy of the cert that was issued to the subordinate CA when it was set up. The OS is Windows Server 2008. We don't have any copies of the certificate database, registry or anything.

So, wondering some opinions on our options for the best way to recover. The good thing is, we have only handed out a few certs, and have not rolled this out on a large scale yet. It's my guess that those certs that were issued will be fine until they need to be renewed.

So, since we do have the original cert that was used to set up the subordinate CA the first time, is there a way that we can rebuild this server with that same name using the original cert? I expect we will lose certificates that were issued from the database of a new sub CA, but what about the certificate templates, these are stored in AD, can those still be accessed?

Or, are we best to create a new sub CA with a new name and re-issue the few certs that we had issued in the past?

Thanks for any assistance you guys can share.
February 27th, 2010 1:05am
Hi,

Based on my understanding, most of the certificates issued by the sub CA cannot be used after the CRL expires. For more information about certificate revocation checking, please refer to the following article:

Certificate Revocation and Status Checking
http://technet.microsoft.com/en-us/library/bb457027.aspx#EKAA

As there is no backup for the sub CA, I'd install a new one to prevent any conflict. And yes, you can use the existing certificate templates, for they are stored in AD.

This posting is provided "AS IS" with no warranties, and confers no rights.
March 5th, 2010 6:49am
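An added illustration, not part of either post above: a small Python model (using the `cryptography` package) of what a client that enforces revocation checking concludes from the lost CA's last CRL before and after its nextUpdate, and from a CRL signed by a rebuilt CA that has the same name but a new key pair. The CA name, dates and 7-day CRL lifetime are constructed, and it assumes only the public certificate survived, not the private key.

```python
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Constructed stand-in for the lost subordinate CA; name and dates are made up.
SUB_CA = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Issuing CA")])
LAST_PUBLISH = datetime(2010, 2, 20)

def sign_crl(key, published, validity_days=7):
    """Sign an empty CRL for SUB_CA, valid from `published` for `validity_days`."""
    return (x509.CertificateRevocationListBuilder()
            .issuer_name(SUB_CA)
            .last_update(published)
            .next_update(published + timedelta(days=validity_days))
            .sign(key, hashes.SHA256()))

def next_update(crl):
    """CRL nextUpdate as a naive UTC datetime, on old and new library versions."""
    if hasattr(crl, "next_update_utc"):
        return crl.next_update_utc.replace(tzinfo=None)
    return crl.next_update

def revocation_status(crl, ca_public_key, now):
    """What a client that enforces revocation checking can conclude at `now`."""
    if not crl.is_signature_valid(ca_public_key):
        return "bad-signature"   # CRL not signed by the key in the CA certificate
    if now >= next_update(crl):
        return "crl-expired"     # status unknown: nothing fresh to check against
    return "ok"

def demo():
    lost_key = ec.generate_private_key(ec.SECP256R1())     # gone with the server
    ca_cert_key = lost_key.public_key()                    # all the saved cert holds
    last_crl = sign_crl(lost_key, LAST_PUBLISH)
    rebuilt_key = ec.generate_private_key(ec.SECP256R1())  # same-name CA, new key pair
    new_crl = sign_crl(rebuilt_key, LAST_PUBLISH + timedelta(days=10))
    day = lambda n: LAST_PUBLISH + timedelta(days=n)
    return {
        "before_expiry": revocation_status(last_crl, ca_cert_key, day(3)),
        "after_expiry": revocation_status(last_crl, ca_cert_key, day(10)),
        "rebuilt_ca_crl": revocation_status(new_crl, ca_cert_key, day(11)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```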


